1 / 29

Cosc 4765

Cosc 4765. SOPHOS Security Threat report about 2010. Cybercriminals prey on our curiosity, and perhaps our vulnerability and gullibility, and use psychological traps to profit from unsuspecting technology users.

hesper
Télécharger la présentation

Cosc 4765

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cosc 4765 SOPHOS Security Threat report about 2010

  2. Cybercriminals prey on our curiosity, and perhaps our vulnerability and gullibility, and use psychological traps to profit from unsuspecting technology users. • Malware scams and exploits targeting social networking websites, applications, devices, and users proliferate. • At the same time, traditional attacks continue to become more sophisticated to target the most advanced software, hardware and websites.

  3. Today, users are the content. Driving the growth, and at the same time being driven by it, the explosion in mobile computing is expanding the impact of the social web. And, the way that content is shared and accessed is now the core of a new global culture, affecting and combining the spheres of personal and business life.

  4. Identifying the threats • SophosLabs analyzed 95,000 pieces of malware • 1 unique file every 0.9 seconds, 24 hours a day. • Today, more than ever before, hackers aren’t just producing malware for notoriety • they’re producing it for large financial gain. • the more significant threats of 2010: • Most of these are not new ideas, but recycled ideas from the past.

  5. Side note • Independent test lab AV-Test, discovers it’s 50 millionth virus/malware (Jan 26, 2011) • 55,000 new malware each day or one every 2 seconds • History: • 1985: 553 different viruses • 2000: 176,312 • 2006: about 1 million • 2010: about 20 million different malware variants • Source: http://www.av-test.org/

  6. Fake anti-virus software • Also known as “scareware” or “rogueware” • Malware installed onto the system that closely resembling and in some cases directly impersonating genuine security solutions. • Users are forced to pay for the full version, handing over important information. • It doesn’t do anything, but likely install more malware • Also the bad guys have your credit card information now! They can now attempt to take over your identity

  7. Fake anti-virus software (2) • Sophos: • over half a million fake anti-virus software variants have been encountered. • Real warnings have become difficult to tell from fake warnings.

  8. Attacks using Internet marketing techniques • Black hat SEO and SEO poisoning attacks • Search Engine Optimization (SEO) are marketing techniques use by legitimate firms to help promote their internet presence • involves careful selection of keywords and topics to increase a page’s popularity and rating in search engine results, which are sorted based on link rankings • Blackhat “hijack” search terms to generate lots of traffic to their sites. Normally rouge or poisoned sites. • Google reported that up to 1.3% of their search results are infected.

  9. Social engineering techniqueson social networks • Facebook, twitter, and the rest • targeted this massive and committed user base , with diverse and steadily growing of attacks throughout 2010. • One of the more common types of attack hitting Facebook users is “clickjacking,” also called “UI redressing.” • These attacks use maliciously created pages where the true function of a button is concealed beneath an opaque layer showing something entirely different. Often sharing or “liking” the content in question sends the attack out to contacts through newsfeeds and status updates, propagating the scam.

  10. Social engineering techniqueson social networks (2) • Clickjacking attacks not only spread social networking link-spam, they also regularly carry out other actions such as granting access to valuable personal information and even making purchases. • One of the main financial motivations behind clickjacking is money earned from survey scams.

  11. Social engineering techniques on social networks (3) • The “Survey scam” tricks users into installing an application from a spammed link. To access the application’s alleged (but often non-existent) functionality, users must grant access to their personal data. This sends out links to a new stash of contacts; that also must fill in a survey form, which earns the application creators money through affiliate systems.

  12. Social engineering techniqueson social networks (4) • Spam reports • 2010: 67%, 2009: 57%, 2008: 33.4% • Phishing • 2010: 43%, 2009: 30%, 2008: 21% • Malware • 2010: 40%, 2009: 36%, 2008: 21.2% • Do you think your employee’s behavior on social networking sites could endanger security at your company? • Yes: 59%

  13. SPAM • January 2011: 78.6% of all email was spam • The lowest rate since March 2009 • 75.7 percent of all email was spam. • The highest rate was May 2010, which 85% of email was spam • In January 2010, 59% of all spam was Pharmaceutical spam • Reference: http://www.internetnews.com/security/article.php/3922281/Spam+Volume+Tumbles+in+January.htm

  14. Botnets and SPAM • Almost all of this spam comes from botnets, Sophos found. In Microsoft's latest Security Intelligence Report, the company reported that the U.S. was home to some 2.2 million PCs infected with botnet malware—roughly four times as many as Brazil, the country with the next highest amount.

  15. Pharmaceutical spam • So you buy drugs from the spam. • Assuming you actually receive it • And it doesn’t kill you. • Later on you are scammed again • Fake FDA messages about paying a fine or face legal action.

  16. Social engineering techniques on social networks (4) • A cross-site scripting (XSS) vulnerability in the Twitter website also put users at risk in 2010. This vulnerability allowed links to be posted with embedded JavaScript code known as “onMouseOver.”

  17. What puts you at risk? • Malware attacks can strike at anytime and from anywhere. • Weak passwords, mobile devices and social networks, everyday software, removable media, operating systems and web all pose risk.

  18. Passwords • Passwords represent a serious hole in security • Bad passwords are always going to be a problem. • The biggest such incident in 2010 affected over a million users of several popular sites operated by the Gawker Media group • while Mozilla’s leak of 44,000 sets of logins from its add-ons system seems to have only affected inactive accounts.

  19. Mobile devices and smartphones • According to Gartner • 1 in 6 people have access to a mobile device • Iphone • Early 2010, apple releases updates to patch 65 vulnerabilities, plus a further patch for another dozen. • Potential iphone spyware was release (also blackberry too) • Proof of concept botnet made up of Iphones and androids • Nearly 8,000 phones, before it was discovered. • Jailbreaking an iphone, removes almost all security on the phone, making them very vulnerable to attacks.

  20. Mobile devices and smartphones (2) • Android • In early in 2010, Google found and removed banking malware from the site when a wallpaper application gathered information on over 1 million Android users. • Researchers at the BBC put together their own smartphone spyware with ease and researchers spotted a basic SMS Trojan in Russia, although it didn’t make its way onto the Android market. • Flash • Well now we need adobe applications updates as well.

  21. Mobile devices and smartphones (3) • Windows 7 phone • Microsoft’s reputation for favoring functionality over security does not bode well for security on the devices. • Blackberry • The BlackBerry security-built-in model is fairly successful so far, although potential spyware applications have been introduced.

  22. Mobile devices and smartphones (4) • Palm Pre • A flaw exposed this year granted cybercrooks a backdoor into Pre systems via a maliciously-crafted mail message or webpage. • Nokia and Symbian OS • Still the largest phone manufacture. • There have been a number of malware produced for the Symbain OS.

  23. software • Adobe • PDF Reader • New exploits appearing at least 1 a month for most of 2010 • Maliciously crafted PDFs, with payloads that could infects systems (Windows and Mac) • Flash • a trick to install exploits if flash wasn’t already installed • As well as several Zero-day exploits in flash itself. • Sun/Oracle • Java had several different security holes in the JVM.

  24. Removable media • Exploits using USB drives to automatically run when the device was inserted into a computer • Requiring Autoplay to be turned off • But • Stuxnet found and exploited an unpatched vulnerability to bypass the Autoplay being off.

  25. Removable media (2) • IBM handed out infected USB drives at the AusCERT security conference • They contains two pieces of malware. • This was an accident, not intentional. • Poor quality control or security measures at “factories” can lead to “pre-infected” devices with malware • Not just USB, but other devices like camera, Sdcards, phones, and even DVDs.

  26. OSs • MS Windows 7 • While more secure then XP and Vista, it has still had numerous security fixes. • Malware creators are now target Windows 7 specifically, since it is over taking XP as the top Windows OS. • Mac OS X • Smaller install base, but … • OSX/Pinhead Trojan targeted the iPhoto application • Numerous Trojan and malware targeted at user to open backdoors in the UNIX environment.

  27. Web and Web Servers • Malvertising • Putting malicious advertisements onto websites. • May appear alongside leg ads • The ad server software maybe hacked or getting them by checks run by ad suppliers • Minnesota’s largest newspaper, Farm Town, and even Google fall prey to them.

  28. Web and Web Servers (2) • Sophos see almost 30,000 new malicious URLs every day! • 70% are legitimate websites that have been hacked. • Examples: • European site of the tech blog: TechCrunch • Several news organizations, like Jerusalem post • Government websites such the U.K.’s somerset country council • Large US hosting provider were all hit • Injected JavaScript • http://nakedsecurity.sophos.com/2010/11/30/large-us-hosting-provider-hit-in-web-attack/

  29. Q A &

More Related